According to reports, the Downadup worm, also known as Conficker, has infected nine million PCs around the world. This worm is so virulent that it has infected as many as one million PCs in a 24-hour period. According to Symantec, it has discovered variants, Downadup.A and Downadup.B. The worm appears to affect PCs running Windows XP SP1 the most. However, XP SP2, 2000, 2003, and Vista have been reported to be vulnerable to the threat as well.
Symptoms of the worm include account lockout policies being reset automatically, domain controllers responding slowly to client requests, networks unusually congested, and certain Windows services such as automatic updates disabled.
To check my PC for the worm, I downloaded the free online version of ActiveScan 2.0 from Panda. The software scans for viruses, worms, spyware and other threats. The download took 2 minutes with my super-fast fiber connection and ran for roughly 70 minutes checking for threats.
To remove the worm, Symantec has a removal tool. Since I did not have the worm on any of my PCs, I did not have a chance to use the removal tool. I did read the instructions and they are pretty straightforward. The tool terminates the affected processes, deletes any associated files and cleans the registry.
What I really find interesting about this worm is that Microsoft released a patch (MSO8-067) to fix the flaw that this worm exploits back in October of 2008. What this tells me is that people are not applying patches in a timely manner. Although I do not like defending Microsoft, I have to stick up for the company this time around. This is a good example of a vendor releasing a patch and people not taking the time to install it.